DETAILED ACTION
Response to Amendment 

1. This action is in response to amendments received July 27, 2005.



Response to Arguments 

2. Applicant's arguments filed July 27, 2005 have been fully considered but they are 
not persuasive. With regard to Applicant's argument that Kenton does not mention the 
generating of a list of special device files Examiner respectfully disagrees. The keys file 
of Kenton acts as the list of special device files because it contains a series of driver 
license keys representing the class of peripheral devices that includes the peripheral 
device in question (3:42-54). The series of driver license keys function as special 
device files because they are files that represent a given peripheral device. 

Claim Rejections - 35 USC § 102

3. Claim 1 rejected under 35 U.S.C. 102(b) as being anticipated by Kenton et al. 
(Kenton), U.S Patent No. 5,479,612. 

As per claim 1, Kenton discloses a method for controlling access to a computer
system device comprising steps of: 

retrieving the file attributes for the device file used in the system device access 
attempt (column 3, lines 63-65; column 4, lines 16-24, column 4, lines 41-44); 

Kenton demonstrates retrieving file attributes for the device files by obtaining 
identification information about the device file. In addition, because it has been 
established that the identification information is being obtained from the device file being
used in the system device access attempt, it has also been established that the 
resource making the access attempt is a device file thus encompassing the second 
element of this claim. 

determining whether the resource that is making the access attempt is a special 
device file (column 3, lines 63-65; column 4, lines 16-24, column 4, lines 41-44); 

As established above, the resource making the access attempt must be a special 
device file since the claim states that the file attributes will only be retrieved for a device 
file used on the system device access attempt. 

Kenton demonstrates the functionality of a special device file, through a device 
driver. Device drivers, "act as the portal to the device and its underlying functionality 
(Background of Invention, paragraph 1, lines 17-18)." Thus, a device driver is a special 
device file and will be referred to as such for the remainder of this office action. 

searching a mapping database for device files that represent the system device 
that is the object of the access attempt and generating a device file entry list of all 
protected device files that represent said system device (column 4, lines 29-33; column 
5, 18-22); 

Kenton exhibits the functionality of a "mapping database" through the use of 
device identification information as the look up data to be compared to a list of devices 
supported by the operating system. The identification information is mapped to the 
device it represents. 

Kenton demonstrates the functionality of "protected device files" through the use
of device files needing license keys in order to be accessed. Since access is denied if 
these licenses are not present, this protects the devices from being accessed by the 
user and are considered protected device files. 

generating an authorization decision for the access attempt to the system device 
based on the security policy that governs each device file in the device file entry list 
(column 5, lines 36-47). 

Unless applicant defines a more specific security policy, the one demonstrated 
by Kenton, based on the presence of driver licenses, qualifies as a security policy that 
generates an authorization decision for an access attempt. 

As per claim 2, the rejection of claim 1 is incorporated, and further Kenton 
discloses before said searching step the step of terminating said access control method 
when the accessing resource is not a special device file (column 4, lines 34-40). 

As previously stated in claim 1, the resource must be a device file making the
access attempt to have the file attributes retrieved from it, thus, if it were not a device 
file the file attributes would not have been retrieved and the identification information 
needed in order to proceed to the next step of the access control method would not 
have been obtained. As a result the method would be terminated. 

As per claim 3, the rejection of claim 1 is incorporated, and further Kenton 
discloses after said searching step the step of terminating said access control method 
when said searching step did not find any database entries that had device 



Application/Control Number: 09/843,069 Page 5 

Art Unit: 2132 

specifications that match the device specifications of the device file making the access 
attempt (column 4, lines 30-40). 

Kenton's identification information embodies the functionality of applicant's 
device specification. 

As per claim 4, the rejection of claim 1 is incorporated, and further Kenton 
discloses said searching step comprising the steps of:

retrieving an entry from the mapping database (column 4, lines 29-34); 

comparing the device specification of the device file making the access attempt 
to the device specification of the database entry (column 4, lines 29-34); and 

comparing the file name of the device file making the access attempt to the 
protected object name of the database entry (column 4, lines 29-34). 

Kenton demonstrates the functionality of retrieving an entry from the list, i.e. 
mapping database, by virtue of the comparison step. In order to find and compare the 
correct peripheral device in the list, an entry in the list has already been retrieved in 
order to make the comparison since the entire list cannot be compared at the same 
time. Kenton shows the comparison of the immediate entry against each entry in the 
list. Each entry contains the device identification information and the device the 
identification information represents, thereby showing how this step compares both the 
specification of the device file and the object name. 

As per claim 5, the rejection of claim 4 is incorporated, and Kenton discloses a 
method further comprising after said file name comparison step the steps of: 

generating a device file entry list containing the database entry with the same file 
specification and file name as the device file making the access attempt (column 5, lines
27-28); 

Kenton demonstrates the functionality of generating a device file entry list by 
writing to a log file. 

terminating said searching step (column 5, lines 46-47). 

As per claim 6, the rejection of claim 4 is incorporated, and Kenton discloses a 
method further comprising after said file name comparison step the steps of placing in a 
file entry list, a mapping database entry having the same file specification as, but 
different file name from the device file making the access attempt (column 5, lines 36- 
40). 

Kenton shows the functionality of the list the applicant mentions through a list of 
devices which all share similar attributes and are grouped together but lack a driver 
license which is another way in which the peripheral devices are identified and access is 
controlled, i.e. the device file name. 

As per claim 7, the rejection of claim 6 is incorporated, and further Kenton 
discloses a method comprising the steps of: 

determining whether there are more entries in the database (column 4, lines 33-36);

retrieving the next mapping database entry for comparison with said device file 
making the access attempt, when more entries are found in the mapping database 
(column 4, lines 33-36); and 

returning to said device file comparison step (column 4, lines 33-36). 

In order to be assured that a peripheral device is not included in the list, the
search must include looping through the entire list entry by entry until no more entries 
remain. 

As per claim 8, the rejection of claim 2 is incorporated, and further Kenton 
discloses a method wherein said authorization decision step comprises the steps of: 

retrieving the current entry in the device file entry list (column 5, lines 18-22); 

In order to do the search, an entry would have to be retrieved in order to
proceed to the access decision step. 

calling the access decision component to obtain an access decision for the 
access attempt to the system device based on the security policy that governs the 
current entry in the device file entry list (figure 2, item 216); 

determining whether decision component granted access (column 5, lines 46-47);

The purpose of the access decision component is to decide whether or not to 
grant the resource access to the device, therefore this step is redundant since it is 
already incorporated into the access decision component. 

determining whether more entries are in this file entry list, if decision component 
granted access (column 5, lines 36-46); and 

updating current entry in said device file entry list and returning to said current 
entry retrieving step (column 5, lines 36-46). 

Kenton exhibits the functionality of looping from the step of retrieving the next 
entry in the file entry list and determining if there are more entries by having to add all of 
the values in the quantity fields for every valid installed key. In order to exhaust every
valid installed key in the list, this step would have to loop through the entire list to add 
up each value, therefore, it would have to determine whether there are more entries and 
then return to the retrieval step if there were remaining items in the list. 

As per claim 9, the rejection of claim 8 is incorporated, and further Kenton 
discloses comprising after said decision determination step the step of denying the 
access attempt to the system device if the decision component of a device file entry 
denies access (item 216, figure 2, follow the "optional no" path). 

As per claim 10, the rejection of claim 8 is incorporated, and further Kenton 
discloses a method comprising the step of allowing the access attempt to the system 
device if no more entries are in the file entry list (step 216, figure 2). 

As previously stated, step 216 exhausts the entire list of valid installed keys in 
order to find the sum of all entries. Once the sum is computed, there are no more 
entries in the list and regardless of the decision, both paths lead to the use of the 
device. 

As per claim 11, Kenton discloses a method for controlling access to a computing 
system device being accessed through a device file, said access control being through 
an externally stored resource and comprising the steps of: 

monitoring the computing system for activities related to creating and accessing 
special device files that represent system devices (column 3, lines 25-30); 

Since device drivers are the communication line between the peripheral devices
themselves and the operating system, the device drivers themselves monitor when an 
access attempt is being made. 

restricting the creation of special device files based on rules defined in the 
externally stored resource (column 4, lines 64-67); and 

restricting special device file accesses based on rules defined in the externally 
stored resource (column 5, lines 5-8). 

The special device file access is restricted based on the rules associated with the 
driver license. 

As per claims 12-19, this is a product version of the claimed method discussed 
above in claims 1-11 wherein all claimed limitations have also been addressed and/or 
cited as set forth above. 

As per claim 20, Kenton discloses a computer connectable to a distributed 
computing system, which includes special device files containing information, related to 
corresponding system devices comprising: 

a processor (column 3, line 5; item 112, figure 1);

a native operating system (column 3, lines 21-22; item 106, figure 1); 

application programs (column 3, lines 57-59); 

an externally stored authorization program overlaying said native operating 
system and augmenting the standard security controls of said native operating system 
(column 4, lines 41-44); 

a mapping database within said external authorization program containing a 
system device to a protected object name entries for each protected file system object
(column 4, lines 29-33); and

a decision component within said authorization program for controlling access to 
special device files representing system devices (column 5, lines 15-22; column 6, lines 
52-53). 

As per claim 21, the rejection of claim 20 is incorporated, and Kenton discloses a
computer comprising an authorization program for restricting the creation of special 
device files representing protected system devices (column 4, lines 64-67). 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Kristin Derwich whose telephone number is 571-272- 
7958. The examiner can normally be reached on Monday - Friday, 8:00-5:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 